A bigger related problem: the argument that browser crypto extensions should be high-level (autogenerating secure keys, automatically MAC'ing ciphertexts, picking the block cipher mode for you) is not winning the day. So what we're going to end up with is an OpenSSL-style interface:

  x = new Cipher("AES"); 
  x.blockmode = "CBC";
  // defaults to all zeroes
  // x.iv = "ABCDABCDABCDABCD"; 
  x.key = "YELLOW SUBMARINE";
  x.encrypt << "This is my plaintext";

In a sense, this is great news for me, because it means I get another 5-10 years of crypto vulnerabilities to get paid to eradicate. But if you're hoping for simple, usable cryptographically strong security in common web apps... well, keep hoping.